Veriexec

Veriexec is a file-signing scheme for the NetBSD operating system.

It introduces a special device node (/dev/veriexec) through which a signature list can be loaded into the kernel.

When Veriexec is enabled at level 0, the kernel will simply warn about signature mismatches.

At level 2, it prevents signed files from being overwritten or deleted.

At level 3, the highest level, the kernel will not allow unsigned files to be accessed at all.